Publishing details
Changelog
jackson-databind (2.8.6-1+deb9u4build0.17.10.1) artful-security; urgency=medium

  * fake sync from Debian

jackson-databind (2.8.6-1+deb9u4) stretch-security; urgency=high

  * Team upload.
  * Fix CVE-2018-7489: allows unauthenticated remote code execution because of
    an incomplete fix for the CVE-2017-7525 deserialization flaw. This is
    exploitable by sending maliciously crafted JSON input to the readValue
    method of the ObjectMapper, bypassing a blacklist that is ineffective if
    the c3p0 libraries are available in the classpath. (Closes: #891614)

 -- Steve Beattie <email address hidden> Thu, 03 May 2018 23:12:44 -0700
Builds
Package files